CVE-2024-27477
Published
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS
Description
In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.
Leantime is a goals focused project management system for non-project managers. Building with ADHD, Autism, and dyslexia in mind.
GitHub